EXETOOLS FORUM  

  #1  
Old 01-05-2019, 09:19
deepzero
NSA will release some sort of advanced IDA reversing tool in March

NSA has developed a software reverse engineering framework known as GHIDRA, which will be demonstrated for the first time at RSAC 2019. An interactive GUI capability enables reverse engineers to leverage an integrated set of features that run on a variety of platforms including Windows, Mac OS and LINUX and supports a variety of processor instruction sets. The GHIDRA platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.


https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool
  #2  
Old 01-06-2019, 01:49
WhoCares
wow.

Is it more powerful than IDA?
__________________
AKA Solomon/blowfish.
  #3  
Old 01-06-2019, 02:25
Roy25
Quote:
Originally Posted by WhoCares
wow.

Is it more powerful than IDA?
If it is "released for free public use".. then I wish it is
  #4  
Old 01-06-2019, 13:32
atom0s
Will be interesting to see how it competes with IDA and BinaryNinja. Given that it is free, if it can give those a run for their money, it could be a good thing and we could see the prices of the other two go down to compete. But, given that it is made by the NSA, there isn't much really pushing for their tool to be anything amazing and there are already worries of trust and what the tool will include in terms of phone-home like telemetry.
__________________
No longer active on this site/forum much. If you need to contact me, you can find me on my personal site here: https://atom0s.com/forums/
  #5  
Old 01-06-2019, 16:05
qzr
Some spoilers could be found on WikiLeaks: https://search.wikileaks.org/?q=Ghidra
  #6  
Old 01-07-2019, 03:14
nikkapedd
Some code tools are now free from NSA
Code:
https://code.nsa.gov/
  #7  
Old 01-07-2019, 07:43
chants
Is this an old resource or just to save face in wake of the leaks?
  #8  
Old 01-07-2019, 10:07
atom0s
The tool has leaked before, but this is a recent announcement that they plan to fully release it from what the various articles have mentioned. The tool was part of some of the WikiLeaks dumps in the past and you can get it already and compile it yourself if you wanted to though.
  #9  
Old 01-07-2019, 23:49
SockPuppet
Quote:
Originally Posted by atom0s
The tool has leaked before, but this is a recent announcement that they plan to fully release it from what the various articles have mentioned. The tool was part of some of the WikiLeaks dumps in the past and you can get it already and compile it yourself if you wanted to though.
Any links to the leaks? Google not very helpful with this.
  #10  
Old 01-08-2019, 10:39
chants
Any comments about the quality of the decompiler?
  #11  
Old 01-08-2019, 13:37
atom0s
Quote:
Originally Posted by SockPuppet
Any links to the leaks? Google not very helpful with this.
For full results on WikiLeaks:
https://search.wikileaks.org/?q=Ghidra

More specific ones with actual info:
https://wikileaks.org/ciav7p1/cms/page_11628795.html
https://wikileaks.org/ciav7p1/cms/page_51183656.html

There are leaks around the web still that have the Vault 7 files and such, some were uploaded to GitHub and similar. But they are all still findable on Google.
  #12  
Old 01-08-2019, 18:45
Mendax47
There is an actual download link on WikiLeaks, but I can't access that site

"The Ghidra packages are available on DEVLAN @ \\fs-01.devlan.net\share\NSA\Ghidra"
  #13  
Old 01-09-2019, 04:15
chants
That site is probably internally accessible only and a honeypot from the outside so be careful.
  #14  
Old 01-12-2019, 01:08
contactmebyhere
I heard somewhere that the NSA tool was useful to defeat (at least a part of) the Themida protector. I hope their source code will help our community.
I'll never run their jar
  #15  
Old 01-12-2019, 19:21
chants
I can't imagine it will be a full-fledged decompiler which beats hex-rays in its current incarnation though. From what I have seen it looks like just another advanced disassembly tool with some basic decompilation tricks.

But did anyone notice how chessgod101 mysteriously deleted his post after I called it out as an obvious honeypot?
All times are GMT +8. The time now is 03:06.

